1*4d495c6eSApple OSS Distributions /*
2*4d495c6eSApple OSS Distributions  * Copyright (c) 2024 Apple Inc. All rights reserved.
3*4d495c6eSApple OSS Distributions  *
4*4d495c6eSApple OSS Distributions  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*4d495c6eSApple OSS Distributions  *
6*4d495c6eSApple OSS Distributions  * This file contains Original Code and/or Modifications of Original Code
7*4d495c6eSApple OSS Distributions  * as defined in and that are subject to the Apple Public Source License
8*4d495c6eSApple OSS Distributions  * Version 2.0 (the 'License'). You may not use this file except in
9*4d495c6eSApple OSS Distributions  * compliance with the License. The rights granted to you under the License
10*4d495c6eSApple OSS Distributions  * may not be used to create, or enable the creation or redistribution of,
11*4d495c6eSApple OSS Distributions  * unlawful or unlicensed copies of an Apple operating system, or to
12*4d495c6eSApple OSS Distributions  * circumvent, violate, or enable the circumvention or violation of, any
13*4d495c6eSApple OSS Distributions  * terms of an Apple operating system software license agreement.
14*4d495c6eSApple OSS Distributions  *
15*4d495c6eSApple OSS Distributions  * Please obtain a copy of the License at
16*4d495c6eSApple OSS Distributions  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*4d495c6eSApple OSS Distributions  *
18*4d495c6eSApple OSS Distributions  * The Original Code and all software distributed under the License are
19*4d495c6eSApple OSS Distributions  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*4d495c6eSApple OSS Distributions  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*4d495c6eSApple OSS Distributions  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*4d495c6eSApple OSS Distributions  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*4d495c6eSApple OSS Distributions  * Please see the License for the specific language governing rights and
24*4d495c6eSApple OSS Distributions  * limitations under the License.
25*4d495c6eSApple OSS Distributions  *
26*4d495c6eSApple OSS Distributions  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*4d495c6eSApple OSS Distributions  */
28*4d495c6eSApple OSS Distributions 
29*4d495c6eSApple OSS Distributions /*
30*4d495c6eSApple OSS Distributions  * try_read_write.c
31*4d495c6eSApple OSS Distributions  *
32*4d495c6eSApple OSS Distributions  * Helper functions for userspace tests to read or write memory and
33*4d495c6eSApple OSS Distributions  * verify that EXC_BAD_ACCESS is or is not generated by that operation.
34*4d495c6eSApple OSS Distributions  */
35*4d495c6eSApple OSS Distributions 
36*4d495c6eSApple OSS Distributions #include <assert.h>
37*4d495c6eSApple OSS Distributions #include <stdbool.h>
38*4d495c6eSApple OSS Distributions #include <stdatomic.h>
39*4d495c6eSApple OSS Distributions #include <ptrauth.h>
40*4d495c6eSApple OSS Distributions #include <darwintest.h>
41*4d495c6eSApple OSS Distributions #include <dispatch/dispatch.h>
42*4d495c6eSApple OSS Distributions 
43*4d495c6eSApple OSS Distributions #include "exc_helpers.h"
44*4d495c6eSApple OSS Distributions #include "try_read_write.h"
45*4d495c6eSApple OSS Distributions 
46*4d495c6eSApple OSS Distributions /*
47*4d495c6eSApple OSS Distributions  * -- Implementation overview --
48*4d495c6eSApple OSS Distributions  *
49*4d495c6eSApple OSS Distributions  * try_read_byte() and try_write_byte() operate by performing
50*4d495c6eSApple OSS Distributions  * a read or write instruction with a Mach exception handler
51*4d495c6eSApple OSS Distributions  * in place.
52*4d495c6eSApple OSS Distributions  *
53*4d495c6eSApple OSS Distributions  * The exception handler catches EXC_BAD_ACCESS. If the bad access
54*4d495c6eSApple OSS Distributions  * came from our designated read or write instructions then it
55*4d495c6eSApple OSS Distributions  * records the exception that occurred to thread-local storage
56*4d495c6eSApple OSS Distributions  * and moves that thread's program counter to resume execution
57*4d495c6eSApple OSS Distributions  * and recover from the exception.
58*4d495c6eSApple OSS Distributions  *
59*4d495c6eSApple OSS Distributions  * Unrecognized exceptions, and EXC_BAD_ACCESS exceptions from
60*4d495c6eSApple OSS Distributions  * unrecognized instructions, either go uncaught or are caught and
61*4d495c6eSApple OSS Distributions  * re-raised. In either case they lead to an ordinary crash. This
62*4d495c6eSApple OSS Distributions  * means we don't get false positives where the test expects one
63*4d495c6eSApple OSS Distributions  * crash but incorrectly passes after crashing in some unrelated way.
64*4d495c6eSApple OSS Distributions  * We can be precise about what the fault was and where it came from.
65*4d495c6eSApple OSS Distributions  *
66*4d495c6eSApple OSS Distributions  * We use Mach exceptions instead of signals because
67*4d495c6eSApple OSS Distributions  * on watchOS signal handlers do not receive the thread
68*4d495c6eSApple OSS Distributions  * state so they cannot recover from the signal.
69*4d495c6eSApple OSS Distributions  *
70*4d495c6eSApple OSS Distributions  * try_read_write_exception_handler()
71*4d495c6eSApple OSS Distributions  *     our exception handler, installed using tests/exc_helpers.c
72*4d495c6eSApple OSS Distributions  *
73*4d495c6eSApple OSS Distributions  * read_byte() and write_byte()
74*4d495c6eSApple OSS Distributions  *     our designated read and write instructions, recognized by
75*4d495c6eSApple OSS Distributions  *     the exception handler and specially structured to allow
76*4d495c6eSApple OSS Distributions  *     recovery by changing the PC
77*4d495c6eSApple OSS Distributions  *
78*4d495c6eSApple OSS Distributions  * try_read_write_thread_t
79*4d495c6eSApple OSS Distributions  *     thread-local storage to record the caught exception
80*4d495c6eSApple OSS Distributions  */
81*4d495c6eSApple OSS Distributions 
/* One-time guard: begin_expected_exceptions() runs initialize_exception_handlers() through it. */
static dispatch_once_t try_read_write_initializer;
/* Exception port created for EXC_MASK_BAD_ACCESS by initialize_exception_handlers(). */
static mach_port_t try_read_write_exc_port;
84*4d495c6eSApple OSS Distributions 
/*
 * Bespoke thread-local storage for threads inside try_read_write.
 * We can't use pthread local storage because the Mach exception
 * handler needs to access it and that exception handler runs on
 * a different thread.
 *
 * Access by the Mach exception thread is safe because the real thread
 * is suspended at that point. (This scheme would be unsound if the
 * real thread raised an exception while manipulating the thread-local
 * data, but we don't try to cover that case.)
 *
 * exception_kr doubles as the "was anything caught" flag: it is reset
 * to 0 by begin_expected_exceptions() and try_read_byte()/try_write_byte()
 * report success when it is still 0 afterwards.
 */
typedef struct {
	/* Mach thread port that owns this entry; the lookup key */
	mach_port_t thread;
	kern_return_t exception_kr;  /* EXC_BAD_ACCESS sub-code (codes[0]); 0 = nothing recorded */
	uint64_t exception_pc;       /* PC of faulting instruction */
	uint64_t exception_memory;   /* Memory address of faulting access (codes[1]) */
} try_read_write_thread_t;
102*4d495c6eSApple OSS Distributions 
/*
 * Capacity of the static per-thread table. Entries are only ever
 * appended in this file; nothing removes or reuses a slot.
 */
#define TRY_READ_WRITE_MAX_THREADS 128
/* Held while the list is searched or extended (see thread_info_for_mach_thread). */
static pthread_mutex_t try_read_write_thread_list_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Number of slots of try_read_write_thread_list currently in use. */
static unsigned try_read_write_thread_count = 0;
static try_read_write_thread_t try_read_write_thread_list[TRY_READ_WRITE_MAX_THREADS];
/* Per-thread cache of this thread's own list entry; NULL until first lookup/creation. */
static __thread try_read_write_thread_t *try_read_write_thread_self;
108*4d495c6eSApple OSS Distributions 
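/*
 * Look up the try_read_write_thread_t for a Mach thread.
 * If create == true and no info was found, add it to the list.
 * Returns NULL if no info was found and create == false.
 *
 * Also returns NULL if create == true but the table is already full.
 * With assertions enabled that case aborts first; the explicit check
 * keeps a build without assertions from writing past the end of
 * try_read_write_thread_list.
 *
 * When thread_port is the calling thread, the entry that was found or
 * created is cached in try_read_write_thread_self for later calls.
 */
static __attribute__((overloadable))
try_read_write_thread_t *
thread_info_for_mach_thread(mach_port_t thread_port, bool create)
{
	/*
	 * Query our own thread port once and reuse the answer.
	 * NOTE(review): mach_thread_self() is understood to return a new
	 * send right on each call and nothing here releases it - confirm
	 * whether a mach_port_deallocate() is wanted for long-running tests.
	 */
	const bool is_self = (mach_thread_self() == thread_port);

	/* first look for a cached value in real thread-local storage */
	if (is_self && try_read_write_thread_self != NULL) {
		return try_read_write_thread_self;
	}

	int err = pthread_mutex_lock(&try_read_write_thread_list_mutex);
	assert(err == 0);
	(void)err;  /* unused when assertions are compiled out */

	/* search the list */
	try_read_write_thread_t *info = NULL;
	for (unsigned i = 0; i < try_read_write_thread_count; i++) {
		if (try_read_write_thread_list[i].thread == thread_port) {
			info = &try_read_write_thread_list[i];
			break;
		}
	}

	/* not in list - create if requested and there is room */
	if (info == NULL && create) {
		assert(try_read_write_thread_count < TRY_READ_WRITE_MAX_THREADS);
		if (try_read_write_thread_count < TRY_READ_WRITE_MAX_THREADS) {
			info = &try_read_write_thread_list[try_read_write_thread_count++];
			info->thread = thread_port;
			info->exception_kr = 0;
		}
	}

	pthread_mutex_unlock(&try_read_write_thread_list_mutex);

	/* only the owning thread may cache its entry in thread-local storage */
	if (info != NULL && is_self) {
		try_read_write_thread_self = info;
	}
	return info;
}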
157*4d495c6eSApple OSS Distributions 
/*
 * Lookup-only overload: find the entry for thread_port without ever
 * adding one. Returns NULL when the thread has no entry.
 */
static __attribute__((overloadable))
try_read_write_thread_t *
thread_info_for_mach_thread(mach_port_t thread_port)
{
	const bool create = false;  /* never allocate a slot from this path */

	return thread_info_for_mach_thread(thread_port, create);
}
164*4d495c6eSApple OSS Distributions 
165*4d495c6eSApple OSS Distributions 
/*
 * read_byte() and write_byte() are functions that
 * read or write memory as their first instruction.
 * Used to test memory access that may provoke an exception.
 *
 * try_read_write_exception_handler() below checks if the exception PC
 * is equal to one of these functions. The first instruction must be
 * the memory access instruction.
 *
 * try_read_write_exception_handler() below increments the PC by four bytes.
 * The memory access instruction must be padded to exactly four bytes.
 */

/*
 * Load one byte from addr and return it.
 *
 * Declared naked so that no compiler-generated prologue precedes the
 * load; the handler identifies the fault by comparing the exception PC
 * with this function's address.
 *
 * If the load faults and the handler skips the four-byte slot, the
 * return register was never loaded from memory, so the returned value
 * is not data read from addr.
 */
static uint64_t __attribute__((naked))
read_byte(mach_vm_address_t addr)
{
#if __arm64__
	/* the load is the first instruction of the function */
	asm("\n ldrb w0, [x0]"
            "\n ret");
#elif __x86_64__
	asm("\n movb (%rdi), %al"
            "\n nop"  /* pad load to four bytes */
            "\n nop"
            "\n ret");
#else
#       error unknown architecture
#endif
}
194*4d495c6eSApple OSS Distributions 
/*
 * Store value to the byte at addr.
 *
 * Declared naked so that the store is the first instruction of the
 * function: try_read_write_exception_handler() compares the exception
 * PC with this function's address and then advances the PC by four
 * bytes, so the store (plus padding) must occupy exactly four bytes.
 */
static void __attribute__((naked))
write_byte(mach_vm_address_t addr, uint8_t value)
{
#if __arm64__
	/* the store is the first instruction of the function */
	asm("\n strb w1, [x0]"
            "\n ret");
#elif __x86_64__
	asm("\n movb %sil, (%rdi)"
            "\n nop"  /* pad store to four bytes */
            "\n ret");
#else
#       error unknown architecture
#endif
}
209*4d495c6eSApple OSS Distributions 
210*4d495c6eSApple OSS Distributions 
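/*
 * Mach exception handler for EXC_BAD_ACCESS called by exc_helpers.
 * Returns the number of bytes to advance the PC to resolve the exception,
 * or EXC_HELPER_HALT when the exception must not be recovered from.
 *
 * The faulting thread is only resumed past the instruction when every
 * precondition holds: the exception is EXC_BAD_ACCESS, the thread has a
 * try_read_write entry, the PC is exactly read_byte or write_byte, and no
 * earlier exception is still recorded for that thread. Each precondition
 * is asserted and also checked explicitly, so a build with assertions
 * compiled out halts instead of dereferencing NULL or skipping an
 * instruction it does not own.
 *
 * task:         unused
 * thread:       Mach port of the faulting thread
 * exception:    exception type; expected to be EXC_BAD_ACCESS
 * codes:        codes[0] is stored as the kr, codes[1] as the faulting address
 * exception_pc: PC of the faulting instruction
 */
static size_t
try_read_write_exception_handler(
	__unused mach_port_t task,
	mach_port_t thread,
	exception_type_t exception,
	mach_exception_data_t codes,
	uint64_t exception_pc)
{
	assert(exception == EXC_BAD_ACCESS);
	if (exception != EXC_BAD_ACCESS) {
		return EXC_HELPER_HALT;
	}

	try_read_write_thread_t *info = thread_info_for_mach_thread(thread);
	assert(info);  /* we do not expect exceptions from other threads */
	if (info == NULL) {
		return EXC_HELPER_HALT;
	}

	/* strip pointer authentication bits so the addresses compare against a raw PC */
	uint64_t read_byte_pc  = (uint64_t)ptrauth_strip(&read_byte, ptrauth_key_function_pointer);
	uint64_t write_byte_pc = (uint64_t)ptrauth_strip(&write_byte, ptrauth_key_function_pointer);

	if (exception_pc != read_byte_pc && exception_pc != write_byte_pc) {
		/* this exception isn't one of ours - re-raise it */
		if (verbose_exc_helper) {
			T_LOG("not a try_read_write exception");
		}
		return EXC_HELPER_HALT;
	}

	assert(info->exception_kr == 0); /* no nested exceptions allowed */
	if (info->exception_kr != 0) {
		return EXC_HELPER_HALT;
	}

	/*
	 * Record what happened for end_expected_exceptions().
	 * NOTE(review): a codes[0] of 0 would be indistinguishable from
	 * "no fault" to the callers - presumably never delivered for
	 * EXC_BAD_ACCESS; confirm.
	 */
	info->exception_pc = exception_pc;
	info->exception_kr = (kern_return_t)codes[0];
	info->exception_memory = (uint64_t)codes[1];
	if (verbose_exc_helper) {
		T_LOG("try_read_write exception: pc 0x%llx kr %d mem 0x%llx",
		    info->exception_pc, info->exception_kr, info->exception_memory);
	}

	/* advance pc by 4 bytes to recover */
	return 4;
}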
251*4d495c6eSApple OSS Distributions 
/*
 * One-time setup: create the exc_helpers exception port for
 * EXC_BAD_ACCESS, publish it in try_read_write_exc_port, and start the
 * exc_helpers handler on it with try_read_write_exception_handler as
 * the callback. Installing the port on a thread is done separately by
 * begin_expected_exceptions().
 */
static void
initialize_exception_handlers(void)
{
	mach_port_t port = create_exception_port(EXC_MASK_BAD_ACCESS);

	try_read_write_exc_port = port;
	repeat_exception_handler(port, try_read_write_exception_handler);
}
262*4d495c6eSApple OSS Distributions 
/*
 * Begin try_read_write exception handling on this thread.
 *
 * The first call in the process sets up the shared exception port.
 * The first call on each thread installs that port for EXC_BAD_ACCESS
 * and registers the thread in the per-thread table. Every call clears
 * the recorded exception so a stale result cannot be reported.
 */
static void
begin_expected_exceptions(void)
{
	dispatch_once(&try_read_write_initializer, ^{
		initialize_exception_handlers();
	});

	try_read_write_thread_t *self_info = try_read_write_thread_self;
	if (self_info == NULL) {
		/* first use on this thread: route its bad-access exceptions to our port */
		set_thread_exception_port(try_read_write_exc_port, EXC_MASK_BAD_ACCESS);
		self_info = thread_info_for_mach_thread(mach_thread_self(), true /* create */);
	}

	/* start from a clean slate; exception_kr == 0 means "nothing caught" */
	self_info->exception_memory = 0;
	self_info->exception_pc = 0;
	self_info->exception_kr = 0;
}
283*4d495c6eSApple OSS Distributions 
/*
 * End try_read_write exception handling on this thread.
 * Copies out the caught exception data, if any; all three outputs are
 * 0 when nothing was caught since begin_expected_exceptions().
 *
 * This only reads the recorded values. The thread's exception port is
 * left installed, so later EXC_BAD_ACCESS exceptions on this thread
 * still reach try_read_write_exception_handler().
 */
static void
end_expected_exceptions(
	kern_return_t * const out_kr,
	uint64_t * const out_pc,
	uint64_t * const out_memory)
{
	const try_read_write_thread_t * const self_info = try_read_write_thread_self;

	/* begin_expected_exceptions() must have run on this thread first */
	assert(self_info);

	*out_memory = self_info->exception_memory;
	*out_pc = self_info->exception_pc;
	*out_kr = self_info->exception_kr;
}
300*4d495c6eSApple OSS Distributions 
301*4d495c6eSApple OSS Distributions 
/*
 * Try to read one byte at addr, catching EXC_BAD_ACCESS.
 *
 * Returns true and stores the byte in *out_byte when the read did not
 * fault. Returns false when it faulted; *out_error then holds the
 * exception's kr (0 on success).
 *
 * *out_byte is assigned in both cases. After a fault the load was
 * skipped, so the stored value is not data from addr and callers
 * should ignore it.
 */
extern bool
try_read_byte(
	mach_vm_address_t addr,
	uint8_t * const out_byte,
	kern_return_t * const out_error)
{
	kern_return_t fault_kr;
	uint64_t fault_pc;
	uint64_t fault_addr;

	begin_expected_exceptions();
	*out_byte = read_byte(addr);
	end_expected_exceptions(&fault_kr, &fault_pc, &fault_addr);

	/*
	 * The handler already checked the pc and the caller checks the kr,
	 * which leaves the faulting address to be checked here.
	 */
	const bool faulted = (fault_kr != KERN_SUCCESS);
	if (faulted) {
		assert(fault_addr == addr);
	}

	*out_error = fault_kr;
	return !faulted;
}
329*4d495c6eSApple OSS Distributions 
/*
 * Try to write byte to addr, catching EXC_BAD_ACCESS.
 *
 * Returns true when the store did not fault; memory at addr has then
 * really been modified. Returns false when it faulted; *out_error
 * holds the exception's kr (0 on success).
 */
extern bool
try_write_byte(
	mach_vm_address_t addr,
	uint8_t byte,
	kern_return_t * const out_error)
{
	kern_return_t fault_kr;
	uint64_t fault_pc;
	uint64_t fault_addr;

	begin_expected_exceptions();
	write_byte(addr, byte);
	end_expected_exceptions(&fault_kr, &fault_pc, &fault_addr);

	/*
	 * The handler already checked the pc and the caller checks the kr,
	 * which leaves the faulting address to be checked here.
	 */
	const bool faulted = (fault_kr != KERN_SUCCESS);
	if (faulted) {
		assert(fault_addr == addr);
	}

	*out_error = fault_kr;
	return !faulted;
}